#ifndef _OBFUSCATOR_H #define _OBFUSCATOR_H #include #include extern "C" { #include "xed/xed-interface.h" } #define CLFLAG_IS_LABEL (1<<0) #define CLFLAG_IS_REL_JUMP (1<<1) #define CLFLAG_IS_ABS_ADDR (1<<2) #define CLFLAG_IS_GAGET (1<<3) #define ABS_JUMP_GAGT_SIZE 16 #define END_OF_GROUP_GAGT_SIZE 14 typedef struct _code_link_t { _code_link_t* next; _code_link_t* prev; uint32_t flags; int32_t group; std::string label_name; xed_decoded_inst_t instruction; unsigned char* raw_data; unsigned int raw_data_size; }code_link_t, * pcode_link_t; typedef struct _code_group_t { uint64_t base_address; pcode_link_t start; pcode_link_t end; int32_t size_in_bytes; _code_group_t(uint64_t ba = 0, pcode_link_t s = nullptr, pcode_link_t e = nullptr, int32_t si = 0) : base_address(ba), start(s), end(e), size_in_bytes(si) {}; }code_group_t, *pcode_group_t; typedef struct _obfuscator_t { pcode_link_t code_start; pcode_link_t code_end; std::vector groups; int32_t current_label_id; xed_machine_mode_enum_t machine_mode; xed_address_width_enum_t addr_width; }obfuscator_t, *pobfuscator_t; typedef void* (*FnAllocateMem)(uint32_t size); typedef void (*FnMemCopy)(void* dest, void* src, uint32_t size); //snickers void obf_one_time_please(); //duh bool obf_init_from_buffer(pobfuscator_t obf, void* buffer, int buffer_size); //creates the groups of instructions based on number of bytes bool obf_create_groups(pobfuscator_t obf, int32_t group_size); //replaces all relative jumps with the abs jump gadget void obf_replace_rel_jmps(pobfuscator_t obf); //replaces address in the abs jmp stub with the right address of the given label. bool obf_resolve_abs_addresses(pobfuscator_t obf); //generate all the labels after loaded from buffa bool obf_gen_all_labels(pobfuscator_t obf); //walk backwards or forwards until placing label bool obf_gen_label(pobfuscator_t obf, pcode_link_t start, int32_t delta); //allocate buffers for all groups bool obf_allocate_group_buffers(pobfuscator_t obf, FnAllocateMem AllocMem); //copy all instructions from each group into allocated buffers bool obf_copy_groups_into_buffers(pobfuscator_t obf, FnMemCopy MemCopy); void obf_dbg_print_code(pobfuscator_t obf); void obf_dbg_print_group(pobfuscator_t obf, int group_id); void obf_print_byte_array(void* arr, unsigned int size); #endif